Dragos Platform must accept the DOD CAC or other PKI credential for identity management and personal authentication.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-271034	SRG-APP-000402	DRAG-OT-001750	SV-271034r1057745_rule	2024-12-23	1

Description
The use of Personal Identity Verification (PIV) credentials facilitates standardization and reduces the risk of unauthorized access. PIV credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. OMB Memorandum 11-11 requires federal agencies to continue implementing the requirements specified in HSPD-12 to enable agency-wide use of PIV credentials. Satisfies: SRG-APP-000402, SRG-APP-000403, SRG-APP-000391, SRG-APP-000392, SRG-APP-000402, SRG-APP-000403, SRG-APP-000177, SRG-APP-000176, SRG-APP-000175, SRG-APP-000401

Description

The use of Personal Identity Verification (PIV) credentials facilitates standardization and reduces the risk of unauthorized access. PIV credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. OMB Memorandum 11-11 requires federal agencies to continue implementing the requirements specified in HSPD-12 to enable agency-wide use of PIV credentials. Satisfies: SRG-APP-000402, SRG-APP-000403, SRG-APP-000391, SRG-APP-000392, SRG-APP-000402, SRG-APP-000403, SRG-APP-000177, SRG-APP-000176, SRG-APP-000175, SRG-APP-000401

ℹ️ Check
Verify that Dragos is configured to use the DOD CAC or other PKI credential to log in to the application. Log in to the application. If DOD CAC or other PKI is not configured, this is a finding.

✔️ Fix
Configure an SSO proxy service using LDAP to provide PKI credentials.